Method and apparatus for access to user-specific encryption information
First Claim
1. In a secure system that includes a server and a plurality of end-users, wherein the server stores a copy of long term decryption private keys for each of the plurality of end-users, a method for the server to process a request for access to user specific encryption information of one of the plurality of end-users, the method comprises the steps:
- a) receiving, from a requesting entity, a request for access to the user specific encryption information, wherein the requesting entity includes at least one of;
one of the plurality of end-users, a system administrator of the secure system, and a third party not affiliated with the secure system;
b) determining authorized level of access of the requesting entity to the user specific encryption information based on at least one of identity of the requesting entity and the request; and
c) providing the requesting entity with controlled access to the user specific encryption information based on the authorized level of access.
5 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for accessing user specific encryption information is accomplished upon receiving a request for access to user specific encryption information from a requesting entity. Based on the identity of the requesting entity and/or the type of request, a server determines the requesting entity'"'"'s authorized level of access to user specific encryption information. Based on the authorized level of access, the requesting entity is provided with controlled access to the user specific information.
-
Citations
28 Claims
-
1. In a secure system that includes a server and a plurality of end-users, wherein the server stores a copy of long term decryption private keys for each of the plurality of end-users, a method for the server to process a request for access to user specific encryption information of one of the plurality of end-users, the method comprises the steps:
-
a) receiving, from a requesting entity, a request for access to the user specific encryption information, wherein the requesting entity includes at least one of;
one of the plurality of end-users, a system administrator of the secure system, and a third party not affiliated with the secure system;
b) determining authorized level of access of the requesting entity to the user specific encryption information based on at least one of identity of the requesting entity and the request; and
c) providing the requesting entity with controlled access to the user specific encryption information based on the authorized level of access. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
generating an encryption public key certificate and a distinct signature public key certificate for an end-user of the plurality of users;
storing, by the server, the long term decryption private key corresponding to the encryption public key certificate of the end-user; and
automatically, from time to time, updating the encryption public key certificate and, independently over time, the distinct signature public key certificate.
-
-
3. The method of claim 1, wherein, when the requesting entity is the one of the plurality end-users, step (b) further comprises determining the level of access of the one of the plurality of end-users to be receipt of at least one long term decryption key;
- and wherein step (c) further comprises providing the at least one long term decryption private key to the one of the plurality of end-users.
-
4. The method of claim 1, wherein, when the requesting entity is the system administrator of the secure system, step (b) further comprises determining the level of access of the system administrator to be receipt of at least one long term description key, and wherein step (c) further comprises providing the at least one long term decryption private key to at least one of:
- the one of the plurality of end-users and the system administrator.
-
5. The method of claim 1, wherein, when the requesting entity is the third party not affiliated with the secure system, step (b) further comprises determining the level of access of the third party to be receipt of at least one long term decryption key of the one of the plurality of end-users;
- and wherein step (c) further comprises providing the long term decryption private key of the one of the plurality of end-users users, wherein the providing is done via at least one of an online communication and a store-and-forward communication.
-
6. The method of claim 1, wherein, when the requesting entity is the third party not affiliated with the secure system, step (b) further comprises determining the level of access of the third party to be receipt of a session key of a particular communication of the one of the plurality of end-users;
- and wherein step (c) further comprises providing the session key of a particular communication of the one of the plurality of end-users, wherein the particular communication is at least one of an online communication and a store-and-forward communication.
-
7. The method of claim 6 further comprises:
providing a symmetric key encrypted using a public key of the one of the plurality of end-users as the session key, wherein the symmetric key is provided to the requesting entity as at least one of;
clear symmetric key, encrypted session key using a public key of the requesting entity, and encrypted using a unique symmetric key that is known by the server and the requesting entity.
-
8. The method of claim 1, wherein, when the requesting entity is the third party not affiliated with the secure system, step (b) further comprises determining the level of access of the third party to be receipt of plain text of a particular communication of the one of the plurality of end-users;
- and wherein step (c) further comprises providing the plain text of a particular communication of the one of the plurality of end-users when the third party provided ciphertext with a wrapped key, wherein the providing is done via at least one of an online communication and a store-and-forward communication.
-
9. The method of claim 1 further comprises:
-
receiving the request from a third party, wherein the request is requesting the user specific encryption information for a specific period of time;
interpreting time stamp information that has been embedded in encrypted communications of the one of the plurality of end-users; and
providing the third party with the controlled access to the user specific encryption information for encrypted communications that occur within the specific period of time.
-
-
10. In a secure system that includes a server and a plurality of end-users, wherein the server stores a copy of long term decryption private keys for each of the plurality of end-users, a method for the server to recover user specific encrypted information of one of the plurality of end-users, the method comprises the steps of:
-
a) receiving, from a requesting entity, a request for recovery of the user specific encrypted information, wherein the request is requesting the user specific encryption information for a specific period of time, and wherein the requesting entity includes at least one of;
one of the plurality of end-users, a system administrator of the secure system, and a third party not affiliated with the secure system;
b) determining authorized level of access to the user specific encrypted information based on at least one of;
identity of the requesting entity and the request;
c) interpreting time stamp information that has been embedded in encrypted communications of the one of the plurality of end-users; and
d) providing the requesting entity controlled access to the user specific encryption information for encrypted communications that occur within the specific period of time, wherein the controlled access is based on the authorized level of access. - View Dependent Claims (11, 12)
-
-
13. A server comprising:
-
a processing device;
first memory for storing a copy of long term decryption private keys for each of a plurality of end-users; and
second memory that stores programming instructions that, when read by the processing device, causes the processing device to (a) receive, from a requesting entity, a request for access to the user specific encryption information, wherein the requesting entity includes at least one of;
one of the plurality of end-users, a system administrator of the secure system, and a third party not affiliated with the secure system;
(b) determine authorized level of access of the requesting entity to the user specific encryption information based on at least one of identity of the requesting entity and the request; and
(c) provide the requesting entity with controlled access to the user specific encryption information based on the authorized level of access.- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
receive the request from a third party, wherein the request is requesting the user specific encryption information for a specific duration of time;
interpret time stamp information that has been embedded in encrypted communications of the one of the plurality of end-users; and
provide the third party with the controlled access to the user specific encryption information for encrypted communications that occur within the specific duration of time.
-
-
20. The server of claim 13 further comprises, within the memory, programming instructions that, when read by the processing device, causes the processing device to generate an encryption public key certificate and a distinct signature public key certificate for an end-user of the plurality of users, and automatically, from time to time, update the encryption public key certificate and the distinct signature public key certificate.
-
21. The server of claim 13 further comprises, within the memory, programming instructions that, when read by the processing device, causes the processing device to provide a long term decryption private key of the one of the plurality of end-users when the requesting entity is a system administrator.
-
22. A digital storage medium that stores programming instructions that, when read by a processing device, causes the processing device to recover user specific encrypted information in a secure system, the digital storage medium comprises:
-
first means for storing programming instructions that, when read by the processing device, causes the processing device to receive, from a requesting entity, a request for access to the user specific encrypted information, wherein the requesting entity includes at least one of;
one of the plurality of end-users, a system administrator of the secure system, and a third party not affiliated with the secure system;
second means for storing programming instructions that, when read by the processing device, causes the processing device to determine authorized level of access of the requesting entity to the user specific encryption information based on at least one of identity of the requesting entity and the request; and
third means for storing programming instructions that, when read by the processing device, causes the processing device to provide the requesting entity with controlled access to the user specific encryption information based on the authorized level of access. - View Dependent Claims (23, 24, 25, 26, 27, 28)
receive the request from a third party, wherein the request is requesting the user specific encryption information for a specific duration of time;
interpret time stamp information that has been embedded in encrypted communications of the one of the plurality of end-users; and
provide the third party with the controlled access to the user specific encryption information for encrypted communications that occur within the specific duration of time.
-
Specification